CVE-2025-21669

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jan 31, 2025

Updated: Feb 4, 2025

CWE ID 476

Summary

CVE-2025-21669 is a recently identified vulnerability in the Linux kernel. This issue affects the vsock/virtio subsystem, where packets are not discarded if the transport changes. This can result in receiving packets that are not expected, leading to potential issues when accessing vsk->transport. In particular, if a socket has been de-assigned or assigned to another transport, null pointer dereferencing may occur. A scenario illustrating this behavior is described in detail by Hyunwoo Kim in the provided link.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/280vqD
https://www.cve.org/CVERecord?id=CVE-2025-21669
https://nvd.nist.gov/vuln/detail/CVE-2025-21669

Back to Vulnerability Database

CVE-2025-21669

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations